[1] QIN Huidong, YANG Jia, LI Xiaonan, et al. Research on DNS anomaly detection technology based on multiple features[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 36-43. [doi:10.3724/SP.J.1249.2020.99036]

Research on DNS anomaly detection technology based on multiple features

Journal of Shenzhen University Science and Engineering [ISSN: 1000-2618 / CN: 44-1401/N]

Volume:
Vol. 37
Issue:
2020, Suppl. 1
Pages:
36-43
Column:
Cyberspace Security
Publication date:
2020-11-20

Article Info

Title:
Research on DNS anomaly detection technology based on multiple features
Article number:
202099007
Author(s):
QIN Huidong, YANG Jia, LI Xiaonan, MA Hao, LUO Ziyuan, and GUO Qiang
Computer Center, Peking University, Beijing 100871, P.R.China
Keywords:
data mining; domain name system (DNS) log; time sequence; behavior mode; anomaly detection
Classification number:
TP309
DOI:
10.3724/SP.J.1249.2020.99036
Document code:
A
Abstract:
Based on actual domain name system (DNS) service logs from a campus network, we study methods for detecting anomalous DNS behavior. We propose a local outlier factor (LOF) algorithm based on multi-dimensional time-series features for detecting abnormal DNS source IPs, and use it to identify abnormal source IPs in the DNS traffic of the campus network. Building on this algorithm, we further introduce a multi-feature-based abnormal domain name analysis method that achieves more precise identification of DNS anomalies and helps safeguard the stability and security of the campus network.


Memo:
Received: 2020-10-01
Corresponding author: Assistant engineer QIN Huidong. E-mail: hdqin@pku.edu.cn
Citation: QIN Huidong, YANG Jia, LI Xiaonan, et al. Research on DNS anomaly detection technology based on multiple features[J]. Journal of Shenzhen University Science and Engineering, 2020, 37(Suppl.1): 36-43. (in Chinese)
About the author: QIN Huidong (1994-), assistant engineer at Peking University. Research interest: data mining. E-mail: hdqin@pku.edu.cn
Last Update: 2020-11-26